Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Microsoft Says It Blocked Attempts at Hacking Midterm Campaigns

Featured Deal: Get 98% off the Ultimate Cisco Certification Bundle: Lifetime Access Deal

strange win32 app with no help from google?

Started by coujo , Feb 17 2009 06:49 AM

Please log in to reply

3 replies to this topic

#1 coujo

Members
2 posts
OFFLINE

Local time:06:19 PM

Posted 17 February 2009 - 06:49 AM

Hi, im at wits end with this one here. normally i can fix just about all my computers issues with little trouble, though this one is a Doosey...

i have this win32 app that i honestly have no clue how it came to be or where it came from. its listed as a start up item in msconfig and when i unclick it and reboot, it reloads anyways. leads me to believe its some form of malware. the problem is that it doesnt exist on my computer under that name except under the start up items and in the registry (as hijackthis shows in a log.)

the line on the log is O4 - HKLM\..\Run: [Pcebo] rundll32.exe "C:\WINDOWS\ugeduxot.dll",e

and ugeduxot.dll',e is as it appears in the start up programs in msconfig. how ever when i go to search for this item, windows just cant find it at all.

first of all, what is it?
second, should i get rid of it, and if so, how?

as i said, Google is absolutely no help, apparently no one on the web has heard of it, seen it, or even exuded towards its existence in any way shape or form.

any help/input on this is absolutly appreciated.

edit: im running XP Pro SP3

Edited by coujo, 17 February 2009 - 07:12 AM.

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 hamluis

Moderator

Moderator
55,742 posts
ONLINE

Gender:Male
Location:Killeen, TX
Local time:06:19 PM

Posted 17 February 2009 - 11:15 AM

Hi

.

At times, malware will be on a system and subsequently be removed after a scan by your AV or some other malware control/defense program. If the malware item has created a startup pointer...this may not necessarily be removed along with the malware item.

Such situations will result in malware trying to run (because of the startup pointer) but being unable to do so (because the file has been deleted.

The registry reflects some startup items, along with those reflected in files.

To see all startup items, I suggest using a tool like AutoRuns for Windows - http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

I further suggest sticking to the Logon tab of Autoruns in your initial attempt to find the pointer for this item. When you find it, you can either disable or delete it (your preference) and should then be harmless.

Louis

Malware Removal Logs Forum

Preparation Guide, Malware Removal Logs Forum

Windows Crashes, BSODs,Hangs Help & Support Forum

Backup, Imaging, Disk Management Forum